Hear about Modernizing the SOC for Efficiency Using Azure Sentinel at the Azure Summit in September

I'm happy to report I'll be bringing the Azure Sentinel goodness to one of the largest cloud events in September. How big is it? 50,000 attendees, 120 speakers, and 110 sessions. That's massive. And, I feel hugely blessed to be bringing the Azure Sentinel message to that audience. But, with that number of sessions on …

Not to Miss: Azure Sentinel Costs and Costs Management Webinar

Talking with customers regularly, I spend the first few minutes showing them the goodness and value of a cloud-based, hybrid and multi-cloud SIEM. Azure Sentinel is a SIEM+SOAR service that is growing quickly and customers are thoroughly interested. But, after those first few minutes of discussion and demo, the conversation always turns to cost. …

How to Deploy the Azure Global IP Services List to an Azure Sentinel Watchlist

On Wednesday of this week, there were a couple of announcements around enhancements to the Watchlist capability for Azure Sentinel. If you missed those, please read What's New: Azure Sentinel Watchlist Support for ARM Templates! - Microsoft Tech Community and What's New: Azure Sentinel Update Watchlist UI Enhancements - Microsoft Tech Community. On Wednesday evening, we …

Access Required to Adjust Azure Sentinel Permissions to Run Playbooks

This is an area that's not highlighted anywhere in particular - or, at least, not highlighted well enough - but the question does come up quite a bit. Q: What role or access is required to enable or modify the ability for Azure Sentinel to run Playbooks? This question comes up after an Azure Sentinel …

How to Import and Export Azure Sentinel Analytics Rules Using the Console

Hopefully, you already know about the methods using PowerShell to import and export Azure Sentinel Analytics Rules. If not, see How to Import One or Multiple Analytics Rules into Azure Sentinel – Azure Cloud & AI Domain Blog (azurecloudai.blog) and Official Azure Sentinel PowerShell Module Released – Azure Cloud & AI Domain Blog (azurecloudai.blog). But, …

How to Limit What Azure Sentinel Collects from Windows Systems

The holy grail for data collection from Windows systems is here. Today marks the beginning of the capability that enables Azure Sentinel customers to manage and filter the amount of information collected, by choosing which Event IDs are collected and sent to the Log Analytics workspace. This has been a big ask of Azure …

Replay Available: Cicadas and Microsoft Defender for Identity on the Microsoft Security Insights Podcast

Edward was out again this week so I filled in, helping as a guest host once again. The discussion was wonderful and I learned a heap about Microsoft Defender for Identity, including some things I've been asked about by customers recently. Now, I can go back to those customers and sound really cool and intelligent. I …

How to Configure Users for Teams Integration and Privileged Access Separation for Azure Sentinel

In Azure Sentinel, it's easy to quickly create a Teams channel for a specific Incident to use as a centralized "war room" for critical events. You choose the Action option for the Incident, choose Create Team and supply the Teams channel information along with who should have proper access through AAD Group inheritance. Once the …

How to Use the UEBA Enrichments in Azure Sentinel

As the UEBA feature of Azure Sentinel is continually being built out and improved, there's some capability you should be aware of. First off, there's a great enrichment reference here: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/sentinel/ueba-enrichments.md. Using this reference, you can develop your queries to use the enriched data provided in the rows and columns of this analyzed data. Some of …